Skip to content

Cross Origin Resource Sharing MisConfiguration Scanner

Notifications You must be signed in to change notification settings

Shivangx01b/CorsMe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
 
 
 
 
 
 

Repository files navigation



What is CorsMe ?

A cors misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

How to Install

$ go get -u -v github.com/shivangx01b/CorsMe

Usage

Single Url

echo "https://example.com" | ./CorsMe 

Multiple Url

cat http_https.txt | ./CorsMe -t 70

Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 -wildcard

Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...."

Save output in a file

cat http_https.txt | ./CorsMe -t 70 -output audit.logs

Add another method if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...." -method "POST"

Tip

subfinder -d hackerone.com -nW -silent | ./httprobe -c 70 -p 80,443,8080,8081,8089 | tee http_https.txt
cat http_https.txt | ./CorsMe -t 70

Screenshot

1414

Note:

  • Scanner stores the error results as "error_requests.txt"... which contains hosts which cannot be requested

Ideas for making this tool are taken from :

CORScanner

Corsy

cors-blimey

Releases

No releases published

Packages

No packages published

Languages